Chapter 2 Flashcards
The Concept of System Security
A secure system must deliver its intended behaviours and outcomes while avoiding unintended ones that may lead to unacceptable asset loss.
User Intent
User intent refers to the system delivering behaviours and outcomes expected by the user, which is a key aspect of security.
Design Intent
Design intent implies that the system should meet the behaviours and outcomes defined in its design, which is another key aspect of security.
Primary Security Goal
The primary security goal is to ensure that only the intended behaviours and outcomes take place within and through the system. Every security requirement stems from this objective.
Mediated Access
Mediated access means controlling access by enforcing constraints and following non-conflicting rules, a fundamental principle in trustworthy secure design.
Security Policies
Security policies define the scope of control, bounds for application, and rules governing the behaviour and outcomes of subjects, objects, and operations. They are derived from various sources.
Trustworthiness and Security Policies
Trustworthiness depends on the accuracy, consistency, compatibility, and completeness of security policy rules. Inconsistencies or gaps can lead to vulnerabilities.
Adequately Secure System
An adequately secure system possesses resilience to adversity, behaviour and outcome control, and rule-based access control.
Resilience to Adversity
Resilience to adversity implies that a secure system can deliver its intended capabilities even when facing deliberate or accidental adversities.
Rule-Based Access Control
Rule-based access control involves enforcing rules to permit authorised human-to-machine and machine-to-machine interactions while ensuring behaviour and outcome control.
Determining Adequate Security
Adequate security depends on evidence-based assessments that optimise security while considering performance objectives and constraints. It is context-dependent and subjective.
As Secure as Reasonably Practicable (ASARP)
Being ASARP means increasing security further would result in disproportionate costs, schedule delays, or unacceptable compromises.
Protective Failure
Protective failure involves detaching from an insecure state or impending transition to one and taking responsive actions to prevent further failures.
Protective Recovery
Protective recovery focuses on transitioning from an insecure state to a secure state or a less insecure one while preventing further state transitions.
Characteristics of Systems
The security and trustworthiness of systems are influenced by various characteristics, interactions with other systems, and their roles within a system of systems.
Criticality of a System
The level of importance or criticality of a system within its context can influence the rigour and extent of security measures.
Ramifications of System Failure
Understanding the consequences of a system’s failure is essential in shaping security requirements.
Approach to System Acquisition
How a system is acquired, whether developed, bought, or reused, affects the security strategies and considerations.
Value and Sensitivity of Assets
The value, sensitivity, and criticality of assets entrusted to and used by the system directly relate to security requirements.
Concept of Assets
Assets are valuable items or entities, categorised as tangible (physical) and intangible (non-physical).
Valuation of Assets
Valuing an asset is crucial for making decisions about investing in its protection, but varying stakeholder perspectives may need to be reconciled.
The Concepts of Loss and Loss Control
Loss refers to the experience of an asset being taken away or destroyed. Loss control objectives guide decisions on loss prevention and mitigation to protect asset characteristics.
Addressing Loss
Addressing loss involves the implementation of protective measures to ensure that only authorised and intended behaviours and outcomes occur within the system.
Structured Reasoning about Asset Loss
A structured approach to reasoning about asset loss involves elements like the context of loss, significance of loss, confidence in addressing loss, cause of loss, and addressing loss.
Evidence-Based Assurance
Demonstrating confidence in addressing loss relies on evidence that is well-documented and evolves as the system develops. Assurance cases show how system features and capabilities create a solid evidence base.
Systems Security Engineering
Systems security engineering is a specialised branch of systems engineering that takes a holistic approach to ensure the success of secure systems throughout their entire lifecycle, considering various aspects like risk assessment, cost-benefit analysis, and transdisciplinary approaches.
Required Capability vs Protection Capability
When demonstrating adequate security, one must consider both the required capability (what the system is designed to do) and the protection capability (security features).
Limits of Certainty
Being aware of potential errors, gaps, or inconsistencies in requirements is crucial when demonstrating adequate security, as it’s impossible to guarantee the absence of all loss due to uncertainty.